1. Field of the Invention
The present invention relates to an encryption system where digital productions such as digitized documents, audio, images, or programs are encrypted and distributed via transmission mediums or storage mediums, and especially relates to a technique for managing a plurality of types of encryption devices and decryption devices using a single key management device.
2. Description of the Prior Art
When distributing digital productions such as digitized documents, audio, images, or programs on the market, it is necessary to protect the digital productions against unauthorized use. For this aim, a digital production is conventionally encrypted in an encryption device using a secret encryption key and distributed via a transmission or storage medium (hereinafter, distribution medium), the encrypted digital production then being decrypted in a decryption device using a decryption key.
However, there is a danger that a third party may illegally decode the decryption key and use it to decrypt the encrypted digital production, or the third party may produce copies of the distribution medium.
Accordingly, the first problem concerning the encryption systems is to prevent unauthorized decoding of the decryption key.
In view of the first problem, it is desirable to use a plurality of encryption devices that each have different encryption keys. Also, the number of encryption keys possessed by one encryption device is preferably smaller than the total number of keys possessed by a key management device.
The second problem concerning the encryption systems is that it a decryption key stored in one decryption device is decoded by the unauthorized third party, it can be used to decrypt the encrypted digital production in other decryption devices.
In view of the second problem, it is desirable to provide different keys for different decryption devices. Here, an encryption system has been proposed for successful decryption of encrypted data in various types of decryption devices. In this system, each encryption device stores different encryption keys corresponding to all decryption devices and produces a ciphertext for each of the encryption keys. On receiving a plurality of ciphertexts generated by the encryption device, each decryption device identifies and retrieves a ciphertext which was encrypted using an encryption key corresponding to its device type and decrypts the retrieved ciphertext. Systems for assigning a plurality of decryption keys to each decryption device have also been proposed.
The third problem concerning the encryption systems is that, when there is the suspicion that a distribution medium has been copied without proper authorization, it is necessary to specify a type of an encryption device which produced the distribution medium used to make the copy, in order to specify the producer and the distribution channel of the medium.
In view of the first and second problems, the present invention aims to provide an encryption system where a plurality of different encryption devices each store different encryption keys and a plurality of different decryption devices each store different decryption keys, wherein the number of encryption keys stored in one encryption device is smaller than the total number of keys stored in the key management device. Also, in view of the third problem, the present invention aims to provide an encryption system where, when a distribution medium appears to have been copied by an unauthorized third party, it is possible to identify a type of an encryption device which produced the copied distribution medium.
The above objects can be fulfilled by an encryption system comprising a key management device, encryption devices of M types, and decryption devices of N types, wherein M and N are both integers that are no less than 2, the encryption system being characterized in that: the key management device stores M encryption key sets, N decryption key sets, and N identification numbers, distributes a different one of the M encryption key sets to all encryption devices of a same type out of the M types, distributes a different one of the N decryption key sets to all decryption devices of a same type out of the N types, and distributes a different one of the N identification numbers to all decryption devices of the same type out of the N types, wherein each encryption key set includes N encryption keys, and each decryption key set includes a predetermined number of decryption keys; each encryption device encrypts digital data using a scramble key to generate encrypted digital data, encrypts the scramble key using each of N encryption keys included in a distributed encryption key set to generate N encrypted scramble keys, and writes the encrypted digital data and the N encrypted scramble keys into a distribution medium; and each decryption device decrypts an encrypted scramble key, which is identified by a distributed identification number, among the N encrypted scramble keys written in the distribution medium, using each of the predetermined number of decryption keys included in a distributed decryption key set, selects a decryption key that correctly decrypts the encrypted scramble key according to a predetermined criterion, and decrypts the encrypted digital data written in the distribution medium using the scramble key obtained by correctly decrypting the encrypted scramble key to obtain the digital data, and wherein the key management device includes: a first ciphertext read unit for reading an encrypted scramble key from the distribution medium; a decryption key set read unit for reading a decryption key set from the N decryption key sets; a decryption selection unit for decrypting the read encrypted scramble key using each of the predetermined number of decryption keys included in the read decryption key set in order to select a decryption key, among the predetermined number of decryption keys, that correctly decrypts the encrypted scramble key according to the predetermined criterion; a first repeat control unit for controlling the first ciphertext read unit, the decryption key set read unit, and the decryption selection unit to respectively repeat an encrypted scramble key reading, a decryption key set reading, and an encrypted scramble key decryption, until the N encrypted scramble keys are read from the distribution medium, wherein N decryption keys are selected as a result of a control by the first repeat control unit; and a key pattern detection unit for detecting an encryption key set, among the M encryption key sets, that matches the selected N decryption keys and identifying an encryption device type, among the M types, specified by the detected encryption key set.
With the stated construction, each different decryption device is provided with a different decryption key set, so that it is difficult for a third party to decode ciphertexts. Also, even if the third party analyzes a decryption device of one type and obtains decryption keys, these decryption keys cannot be used in decryption devices of the other types, so that these decryption devices remain secure. Also, the key management device can identify a type of an encryption device that produced a copied distribution medium.
Here, the key management device may include: a first decryption key storage unit for storing the N decryption key sets which each include the predetermined number of decryption keys; an encryption key generation unit for generating an encryption key set which includes N encryption keys by selecting a decryption key, from each decryption key set stored in the first decryption key storage unit, as an encryption key according to a first predetermined method; a first encryption key storage unit for storing the generated encryption key set; a second repeat control unit for controlling the encryption key generation unit to repeat an encryption key set generation until the M encryption key sets are generated, wherein the first encryption key storage unit stores the generated M encryption key sets; an encryption key set distribution unit for distributing a different one of the M encryption key sets stored in the first encryption key storage unit to all encryption devices of the same type out of the M types; a decryption key set distribution unit for distributing a different one of the N decryption key sets stored in the first decryption key storage unit to all decryption devices of the same type out of the N types; and an identification number distribution unit for distributing a different one of the N identification numbers to all decryption devices of the same type out of the N types.
Here, the first predetermined method may be to randomly select the decryption key from each decryption key set stored in the first decryption key storage unit.
With the stated construction, the N encryption keys assigned to each encryption device are determined by randomly selecting a decryption key from the predetermined number of decryption keys in a decryption key set assigned to each decryption device. Accordingly, different encryption key sets can be provided for a large number of encryption devices.
Here, the first predetermined method may be to randomly and uniformly select the decryption key from each decryption key set stored in the first decryption key storage unit.
With the stated construction, the N encryption keys assigned to each encryption device are determined by randomly and uniformly selecting a decryption key from the predetermined number of decryption keys in a decryption key set assigned to each decryption device. Accordingly, even if the third party obtains encryption keys stored in an encryption device of one type, it cannot detect encryption keys in encryption devices of the other types using the obtained encryption keys.
Here, the key management device may include: a first decryption key storage unit for storing the N decryption key sets which each include the predetermined number of decryption keys; an encryption key generation unit for generating an encryption key set which includes N encryption keys by selecting a decryption key, from each decryption key set stored in the first decryption key storage unit, as an encryption key according to a first predetermined method; a first encryption key storage unit for storing the generated encryption key set; a second repeat control unit for controlling the encryption key generation unit to repeat an encryption key set generation until the M encryption key sets are generated, wherein the first encryption key storage unit stores the generated M encryption key sets; an encryption key set distribution unit for distributing a different one of the M encryption key sets stored in the first encryption key storage unit to all encryption devices of the same type out of the M types; a decryption key set distribution unit for distributing a different one of the N decryption key sets stored in the first decryption key storage unit to all decryption devices of the same type out of the N types; and an identification number distribution unit for distributing a different one of the N identification numbers to all decryption devices of the same type out of the N types, and wherein each decryption device includes: an identification number storage unit for storing the identification number distributed from the key management device; a second decryption key storage unit for storing the decryption key set distributed from the key management device, the decryption key set including the predetermined number of decryption keys; a second ciphertext read unit for reading the encrypted scramble key identified by the identification number from the distribution medium; a digital data read unit for reading the encrypted digital data from the distribution medium; a second decryption key read unit for reading a decryption key from the decryption key set stored in the second decryption key storage unit; a second decrypted text generation unit for decrypting the read encrypted scramble key using the read decryption key to generate a decrypted text; a second decrypted text check means for checking whether the decrypted text is a correct decrypted text according to the predetermined criterion, wherein the correct decrypted text includes the scramble key; a fourth repeat control unit for controlling the second decryption key read unit, the second decrypted text generation unit, and the second decrypted text check unit to respectively repeat a decryption key reading, an encrypted scramble key decryption, and a decrypted text checking until the predetermined number of decryption keys are read from the decryption key set; and a digital data decryption unit for decrypting the encrypted digital data using the obtained scramble key to obtain the digital data.
With the stated construction, the key management device distributes information for identifying an encrypted scramble key that corresponds to each decryption device among the N encrypted scramble keys generated by each encryption device, to the corresponding decryption device. Accordingly, each decryption device can identify the encrypted scramble key using the information.
Here, each encryption device may include: a second encryption key storage unit for storing the encryption key set distributed from the key management device, the encryption key set including the N encryption keys; a scramble key generation unit for generating the scramble key; a digital data encryption unit for receiving the digital data from outside and encrypting the digital data using the scramble key to generate the encrypted digital data; a key encryption unit for encrypting, according to a second predetermined method, the scramble key using each of the N encryption keys included in the encryption key set in the second encryption key storage unit in order to generate the N encrypted scramble keys; and a medium write unit for writing the encrypted digital data and the N encrypted scramble keys into the distribution medium, and wherein each decryption device includes: an identification number storage unit for storing the identification number distributed from the key management device; a second decryption key storage unit for storing the decryption key set distributed from the key management device, the decryption key set including the predetermined number of decryption keys; a second ciphertext read unit for reading the encrypted scramble key identified by the identification number from the distribution medium; a digital data read unit for reading the encrypted digital data from the distribution medium; a second decryption key read unit for reading a decryption key from the decryption key set stored in the second decryption key storage unit; a second decrypted text generation unit for decrypting the read encrypted scramble key using the read decryption key to generate a decrypted text; a second decrypted text check unit for checking whether the decrypted text is a correct decrypted text according to the predetermined criterion, wherein the correct decrypted text includes the scramble key; a fourth repeat control unit for controlling the second decryption key read unit, the second decrypted text generation unit, and the second decrypted text check unit to respectively repeat a decryption key reading, an encrypted scramble key decryption, and a decrypted text checking until the predetermined number of decryption keys are read from the decryption key set; and a digital data decryption unit for decrypting the encrypted digital data using the obtained scramble key to obtain the digital data.
Here, the second predetermined method may be to combine the scramble key with a set of fixed information and encrypt a combination of the scramble key and the set of fixed information, and wherein the predetermined criterion is that the decrypted text includes the set of fixed information.
With the stated construction, the encryption device combines the scramble key with the set of fixed information and encrypts the combination to generate a ciphertext. The decryption device decrypts the ciphertext using each decryption key and obtains the set of fixed information, with which the decryption device judges that the ciphertext is correctly decrypted. Accordingly, the decryption key that correctly decrypts the ciphertext can easily be specified.
Here, the second predetermined method may be to encrypt the scramble key and a set of fixed information to respectively generate the N encrypted scramble keys and N sets of encrypted fixed information, wherein the medium write unit writes the encrypted digital data, the N encrypted scramble keys, and the N sets of encrypted fixed information into the distribution medium, wherein each decryption device further includes: an encrypted fixed information read unit for reading a set of encrypted fixed information, among the N sets of encrypted fixed information, that is identified by the identification number; and an encrypted fixed information decryption unit for decrypting the set of encrypted fixed information using each of the predetermined number of decryption keys in the decryption key set, and wherein the predetermined criterion is that the set of fixed information is obtained as a result of decrypting the set of encrypted fixed information.
With the stated construction, when encrypting the scramble key, the encryption device also encrypts the set of fixed information to generate the N sets of encrypted fixed information. When decrypting the encrypted scramble key, the decryption device decrypts the set of encrypted fixed information, identified by its identification number, using each decryption key and obtains the set of fixed information, with which the decryption device judges that the encrypted scramble key is correctly decrypted. Accordingly, the decryption key that correctly decrypts the encrypted scramble key can easily be specified.